Security

Security | News, how-tos, features, reviews, and videos

healthcare data breach / medical patient privacy security violation
programmer developer devops apps developer code hacker dark secrets by peopleimages getty

cso security hack breach water leak gettyimages 466029458 by firmafotografen 2400x1600px

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...

FBI Flag

Yes, the FBI held back REvil ransomware keys

The ransomware keys might have been acquired by an ally, which would invoke the third-party doctrine where the decision to release was not the FBI's alone.

Ransomware  >  An encrypted system, held ransom with lock + chain, displays a dollar sign.

US cryptocurrency exchange sanctions over ransomware likely not the last

The sanctions are aimed to cut ransomware gangs off from their revenue. Advisory on sanctions risks regarding ransomware payments also updated.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa

How to mitigate the Microsoft Office zero-day attack

Follow this advice to block malicious Office files from doing harm to your network even if you've implemented Microsoft's recommended actions.

USA / United States of America stars + stripes and binary code superimposed over The White House

Software cybersecurity labels face practical, cost challenges

The federal government wants consumer software to have cybersecurity labels; experts question the feasibility of the mandate.

red padlock cybersecurity threat ransomeware

The Kaseya ransomware attack: A timeline

REvil's ransomware attack on software provider Kaseya underscored the threats to supply chains that ransomware groups pose. Here is an up-to-date timeline of the attack.

locked data / bitcoins

Biden sanctions Suex cryptocurrency exchange to stifle ransomware payments

In the wake of significant ransomware attacks, President Biden has sanctioned cryptocurrency exchange Suex in a clear attempt to prevent ransomware payments.

One person uses a calculator while another reviews financial data.

The new math of cybersecurity value

An increasing number of CISOs are devising a new set of metrics to show how they’re impacting risk at their organizations.

job growth climbing the corporate ladder promotion stairs corporate govenernance new job nathan dum

CRISC certification: Your ticket to the C-suite?

Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. Learn about the exam, prerequisites, study guides, and potential salary.

youtube thumbnails template 021020
video

How to mitigate the Microsoft MSHTML remote code execution zero-day

A new zero-day vulnerability allows attackers to gain network access through Microsoft 365 documents. Here’s how to stop it.

security threats and vulnerabilities

APT actors exploit flaw in ManageEngine single sign-on solution

US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate.

radar grid / computer circuits / intrusion detection / scanning

5 observations about XDR

The technology is evolving, so security professionals and pundits must be open-minded and closely track market developments.

A U.S. dollar sign casts a question mark shadow.

7 unexpected ransomware costs

Indirect costs related to a ransomware attack can add up over time. These are the expenses and financial risks that CISOs should be aware of.

CSO  >  secure mergers + acquisitions / floating puzzles pieces / abstract security mechanisms

Top cybersecurity M&A deals for 2021

The cybersecurity market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.

tc watson celanese
video

How chemical manufacturer Celanese secures its IT and OT environments

Celanese Corporation is a global chemical leader in the production of differentiated chemistry solutions and specialty materials used in most major industries and consumer applications. With IT and OT environments exposed to risk, the...

danger lurking in mobile binary code

How APTs become long-term lurkers: Tools and techniques of a targeted attack

A new McAfee report details the tools and techniques an APT group used to go undetected on a client network for over a year.

Tech Spotlight   >   Cybersecurity [CSO]   >   Hands gesture in conversation

How CISOs and CIOs should share cybersecurity ownership

CISOs and CIOs weigh in on how their cybersecurity responsibilities are evolving with changes in the business environment and threat landscape.

Social media threat / danger / risk >  Text bubbles interact, one bearing skull + crossbones

Social engineering explained: How criminals exploit human behavior

Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.

Load More